copybara | d852f48e1c8a37d11f9dfb90f339316a5a3fa012bf152db43de1e81b45a69ba7 | Triage

Resubmissions

17-10-2024 22:13

241017-142vhasglp 10

Sharing

General

Target

MediobancaToken.apk
Size

4.7MB
Sample

241017-142vhasglp
MD5

1150d0bf3a077be4f33eb487129d389a
SHA1

0fc8c1e2c08fd3dc83ceb72a4848c9aab66b7d57
SHA256

d852f48e1c8a37d11f9dfb90f339316a5a3fa012bf152db43de1e81b45a69ba7
SHA512

cd6d0097d67420d7596c3015f1b7ed777b42b7ac5b842f3107043bc3609fe3a2b391d7964d6262304ccc5255d51cbed0053a9e7e99ad350e85a1e838579cfa98
SSDEEP

98304:V9hinlhin6Vhinahinx1hin6hinshinUhinwFWKeUzE4b60sgPo8vI:VbCzC6DC8CxjCcCyCKCwFPecO0dhvI

Score

10^/10

copybara android collection credential_access discovery evasion impact persistence

Malware Config

Targets

- Target
  
  MediobancaToken.apk
- Size
  
  4.7MB
- MD5
  
  1150d0bf3a077be4f33eb487129d389a
- SHA1
  
  0fc8c1e2c08fd3dc83ceb72a4848c9aab66b7d57
- SHA256
  
  d852f48e1c8a37d11f9dfb90f339316a5a3fa012bf152db43de1e81b45a69ba7
- SHA512
  
  cd6d0097d67420d7596c3015f1b7ed777b42b7ac5b842f3107043bc3609fe3a2b391d7964d6262304ccc5255d51cbed0053a9e7e99ad350e85a1e838579cfa98
- SSDEEP
  
  98304:V9hinlhin6Vhinahinx1hin6hinshinUhinwFWKeUzE4b60sgPo8vI:VbCzC6DC8CxjCcCyCKCwFPecO0dhvI
Score

7^/10

collection credential_access discovery evasion persistence impact
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Impair Defenses

Prevent Application Removal

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Clipboard Data

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Data Manipulation

Transmitted Data Manipulation

Input Injection

Tasks

static1

behavioral1

collectioncredential_accessdiscoveryevasionpersistence

behavioral2

collectioncredential_accessdiscoveryevasionimpactpersistence

behavioral3

collectioncredential_accessevasionimpactpersistence